Data privacy and retention
Metadata-only tracing by default, the trace privacy modes, retention profiles, encryption in transit and at rest, and no raw prompt logs.
Zumik collects the minimum needed to operate. Tracing defaults to metadata only, no raw prompt text is logged, and any richer mode is something you opt into explicitly.
Metadata-only by default
By default, traces store lengths, timing, fingerprints, lineage, and usage, never the prompt text. That is enough to run a workload diagnostic and report reuse, and it keeps the most sensitive data out of the platform entirely.
Trace privacy modes
Choose the mode per request on /v2, or with the Agent-Trace-Mode header on /v1. Higher fidelity is opt-in and tied to your retention policy.
| Mode | Stored data | Use case |
|---|---|---|
| metadata | Lengths, timing, fingerprints, lineage, usage | Low-risk diagnostics (default) |
| tokenized | Token IDs plus redacted metadata | Faithful performance replay without plaintext |
| encrypted_full_fidelity | Encrypted source payloads under customer-controlled policy | Output-quality evaluation |
A fourth mode, synthetic, generates a structurally similar workload with no real content, for public benchmarking and stress tests. Raw prompt text is never retained unless you explicitly select a mode that stores it.
Tokenized and full-fidelity modes exist so replay can faithfully reproduce a workload. They are deliberate choices recorded against your project, not a default.
Retention profiles
A project carries a retention profile that governs how long retained representations live and which purge guarantee class a deletion can achieve for each processor. Retention, routing, and purge behavior are disclosed to you rather than left vague, because a purge claim can only be as strong as the underlying profile supports.
Provider-managed caches are a real limit here: some providers do not support active manual cache clearing, so a managed-provider profile exposes an expiry-bound guarantee instead of falsely claiming an immediate physical purge. See retention and purge for the guarantee classes and what each one means.
Encryption
- In transit. TLS 1.2 minimum, TLS 1.3 preferred, everywhere. Deprecated algorithms (MD5, SHA-1, RC4, DES) are not used.
- At rest. Data at rest is encrypted with AES-256-GCM or equivalent. BYOK provider keys are sealed with AES-256-GCM and decrypted only at execution time; the sealed nonce-and-ciphertext form is all that is ever persisted, and plaintext never touches the store or a log.
- Internal fingerprints use HMAC-SHA256 with tenant-scoped keys. See tenant isolation.
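The two properties above, metadata-only tracing as the default with richer modes gated on an explicit project opt-in, and tenant-scoped HMAC-SHA256 fingerprints, as an added example in Python. This is illustration code, not Zumik's implementation: the record field names, the opt-in mode set, and the way the tenant key is supplied are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import json

# Added example, not Zumik's code. Field names, the opt-in set and the
# tenant key handling are assumptions made for illustration.

DEFAULT_MODE = "metadata"
OPT_IN_MODES = {"tokenized", "encrypted_full_fidelity"}  # richer modes, need recorded opt-in
FREE_MODES = {DEFAULT_MODE, "synthetic"}                 # store no real content (assumption)


def resolve_mode(requested: str | None, project_enabled: set[str]) -> str:
    """Default to metadata; a richer mode is honoured only if the project opted in."""
    if requested is None:
        return DEFAULT_MODE
    if requested in FREE_MODES:
        return requested
    if requested not in OPT_IN_MODES:
        raise ValueError(f"unknown trace mode: {requested!r}")
    if requested not in project_enabled:
        raise PermissionError(f"trace mode {requested!r} is not enabled for this project")
    return requested


def tenant_fingerprint(tenant_key: bytes, text: str) -> str:
    """HMAC-SHA256 keyed per tenant: equal text gives equal fingerprints within a
    tenant (reuse detection) but unrelated values across tenants (no correlation)."""
    return hmac.new(tenant_key, text.encode("utf-8"), hashlib.sha256).hexdigest()


def metadata_trace(tenant_key: bytes, prompt: str, completion: str,
                   parent_id: str | None, latency_ms: float, usage: dict) -> dict:
    """Metadata-only trace: lengths, timing, fingerprints, lineage, usage. No text."""
    return {
        "mode": DEFAULT_MODE,
        "prompt_chars": len(prompt),
        "completion_chars": len(completion),
        "latency_ms": latency_ms,
        "prompt_fp": tenant_fingerprint(tenant_key, prompt),
        "completion_fp": tenant_fingerprint(tenant_key, completion),
        "parent_id": parent_id,          # lineage pointer to the parent span
        "usage": dict(usage),
    }


def leaks_plaintext(record: dict, *texts: str) -> bool:
    """Export-path guard: True if any raw text shows up in the serialised record."""
    blob = json.dumps(record)
    return any(t in blob for t in texts)
```

Running the same prompt through two tenant keys shows why the fingerprint is keyed: reuse is still detectable inside one tenant, but the values cannot be joined across tenants.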
Regional policy
Data residency defaults to US regions. Enterprise customers can configure residency to the EU or other supported regions through project policy, and Zumik does not process or store customer data outside the configured region without explicit consent. See GDPR and CCPA for residency and subject rights, and regional policy for the routing controls.
Consent and audit
Non-essential processing is off until you opt in. Analytics consent defaults to off, Do-Not-Sell is always honored, and Global Privacy Control browser signals are honored at the edge. Consent changes are written to the audit log so the choice is provable.